Description of Related Technology Access control is required for secure communication in most prior art wireless radio communication systems. As an example, one simple access control scheme might comprise: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity. Within the context of an exemplary cellular system (e.g., Universal Mobile Telecommunications System (UMTS)), access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM) executing on a physical Universal Integrated Circuit Card (UICC). The USIM authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network. As used hereinafter, the term “access control client” refers generally to a logical entity, either embodied within hardware or software, suited for controlling access of a first device to a network. Common examples of access control clients include the aforementioned USIM, CDMA Subscriber Identification Modules (CSIM), IP Multimedia Services Identity Module (ISIM), Subscriber Identity Modules (SIM), Removable User Identity Modules (RUIM), etc.
Common implementations of USIM software are based on the Java Card™ programming language. Java Card is a subset of the Java™ programming language that has been modified for embedded “card” type devices (such as the aforementioned UICC). Traditionally, the USIM performs the well known Authentication and Key Agreement (AKA) procedure, which verifies and decrypts the applicable data and programs to ensure secure initialization. Specifically, the USIM must both (i) successfully answer a remote challenge to prove its identity to the network operator, and (ii) issue a challenge to verify the identity of the network. USIM based access control is limited to only a single Mobile Network Operator (MNO) at a time.
Existing USIM solutions are hard-coded to the physical UICC card media; the subscriber needs a new UICC to change USIM operation. This can be detrimental to both MNOs and subscribers; for example, if the authentication procedures are “broken” (e.g., via malicious “hacking” or other such activities), the subscriber must be issued a new UICC, and this process is both time consuming and expensive. Moreover, for reasons described in greater detail subsequently herein, the physical UICC only contains a single USIM entity; existing solutions are not suitable for handling multiple USIM profiles within the same UICC.
However, there are several benefits stemming from the physicality of the UICC card itself. Specifically, unlike software which can be replicated easily, the card is a physical element which is more difficult to reproduce. The physical barrier to reproduction provides tangible benefits for distribution, sale, piracy, etc. For example, a would-be software pirate cannot sell multiple copies of the same SIM card. Moreover, since “cloning” or copying a SIM card is generally illegal, the one valid physical card can be distinguished from illicit clones. Similarly, vendors can use typical inventory management procedures for SIM cards e.g., purchase, store, liquidate, etc.
Moreover, some users perceive (whether correctly or not) the physical SIM card as somehow being more secure and less likely to be the subject of surreptitious copying or distribution since, inter alia, the card is ostensibly always in their possession.
Thus, improved solutions are required for more flexible distribution of subscriber identity (e.g., UMTS USIM) applications while still maintaining backward compatibility with current physical card media distribution schemes. In addition, it is desired to maintain compliance with existing legal requirements associated with purchasing access client data.